Fail2ban: Difference between revisions

From I Will Fear No Evil
Jump to navigation Jump to search
(Created page with "===Fail2ban Notes=== There are a whole bunch of options and commands that I forget for fail2ban. This is simply a list of things that can be done.. ==Ban IP== * sudo fail2ban-client set JAIL banip 107.175.27.212 ==Status Jail== * sudo fail2ban-client status ==UnBan IP== * sudo fail2ban-client set JAIL unbanip 192.168.0.1 ==Testing Regex== * fail2ban-regex /var/log/haproxy.log 'haproxy(?:\[\d+\])?: <HOST>:\d+ \[.*\] default_ssl_http_in~ wiki/wiki01 .* "GET /mediawi...")
 
(No difference)

Latest revision as of 09:56, 27 August 2025

Fail2ban Notes

There are a whole bunch of options and commands that I forget for fail2ban. This is simply a list of things that can be done..

Ban IP

  • sudo fail2ban-client set JAIL banip 107.175.27.212

Status Jail

  • sudo fail2ban-client status

UnBan IP

  • sudo fail2ban-client set JAIL unbanip 192.168.0.1

Testing Regex

  • fail2ban-regex /var/log/haproxy.log 'haproxy(?:\[\d+\])?: <HOST>:\d+ \[.*\] default_ssl_http_in~ wiki/wiki01 .* "GET /mediawiki/index\.php\?title.*.RequestAccount.*$'

Ban Loops

  • for x in `grep mediawiki haproxy.log | grep -v 192.168.0.1 | grep Special | awk '{print $6}' | sed 's/:.*//g' | sort | uniq`; do fail2ban-client set recidive banip $x ; done
Retrieved from "https://wiki.iwillfearnoevil.com/mediawiki/index.php?title=Fail2ban&oldid=673"